Private equity and Cyber Security Part 2: Identifying risk in the portfolio
March 10, 2015
Identifying cyber security threats to a private equity portfolio is a wide-ranging and challenging task. However, with losses to corporates in the UK running to £27 billion annually according to the Cabinet Office, it is a task worth undertaking for private equity firms.
A cyber breach can translate into a tangible decrease in of a portfolio company’s valuation. As our latest 'Guide to Cyber Security' explains, this can be due to reputational damage, a breakdown of consumer trust or the loss of valuable intellectual property to a competitor.
As a starting point, it should be assumed that regardless of the type of data they hold, all organisations are at risk from opportunistic attacks (including data theft and destruction) or targeted fraud. However, certain organisations are more likely targets based on the amount or exploitability of the data they hold and the sector in which they operate.
Three key datasets or types of information that are known to increase the likelihood of an organisation being the target of an attack are:
1. Trade secrets
Trade secrets including intellectual property, business intelligence and confidential communications are all common targets of cyber attacks. In particular, organisations whose business is underpinned by the development of intellectual property are likely to be targets of espionage. Private equity and venture capital firms often invest in emerging technologies and new markets. Such companies have valuable trade secrets, which, if stolen, could provide a competitive advantage to the receiving party.
2. Consumer data
Consumer data, including financial information and any personal identity information, remains a primary focus of cyber attacks. Organised cyber criminals employ a variety of methods to obtain such data, either to facilitate immediate financial gain or to acquire as commodities to sell on the black market. Retail organisations are at particular risk of this type of threat, because they hold a large amount of personal data and payment card information.
3. Government assets or critical national infrastructure
Organisations involved in the government and defence sector face a range of threats with different motives. Intellectual property theft is a permanent risk to most defence organisations, the threat coming from state-sponsored targeted espionage. Moreover, organisations involved in government or critical infrastructure are prone to hacktivists – those seeking to disrupt in order to raise an issue or prove a political agenda.
In the next blog I will outline exactly what private equity firms can and should be doing to mitigate the risk of cyber security breaches.
In the meantime, if you would like to discuss measures to safeguard against cyber crime, then please do get in touch using the details below. You can also find more information on this topic in our 'Guide to Cyber Security'.